Serverless applications open to new wave of cryptojacking
Serverless computing is increasingly popular as it allows developers to upload code for functions to the cloud rather than run it on local servers.
But serverless security specialist PureSec has released a report detailing how attackers can turn a single vulnerable serverless function into a virtual cryptomining farm by taking advantage of the scalable nature of the architecture.
Exploiting the auto-scaling capabilities of serverless architecture, a single attack could hijack resources in order to run hundreds to thousands of instances of popular tools that mine cryptocurrencies such as Bitcoin, Ethereum and Monero.
Researchers at PureSec were able to force serverless functions that were vulnerable to remote code execution to download an off-the-shelf crypto-miner during function execution. The miner performed its cryptomining computations in parallel with the application's normal execution tasks, making the hijack invisible to the end user. A targeted company might therefore only discover the issue when it received its monthly serverless bill for processing time.
"Serverless applications are a crypto-jacker's dream," says Ory Segal, PureSec co-founder and CTO. "They scale automatically, and a hacker can easily turn a single vulnerable function into a virtual crypto-mining farm almost instantly. The same strengths and benefits that make serverless ideal for many software companies also attract malicious actors. Like any new technology, serverless brings new security challenges."
During a simulated attack, the PureSec team also caused the serverless platforms to scale, running the same function repeatedly until they reached the platform's limit for concurrent executions. This effectively turns a single vulnerable function into a whole cryptomining farm.
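The two symptoms described above, invocations that suddenly run far longer than usual because a miner is executing alongside the real work, and concurrency climbing to the platform limit as the function auto-scales, are both visible in ordinary invocation metrics long before the monthly bill arrives. The following is an added example, not code from PureSec's report: a small baseline-versus-current heuristic in Python that flags a function only when both signals appear together, since either one alone (a slow downstream dependency, a legitimate traffic spike) is common and benign. The metric records are constructed sample data, and the field names are assumptions shaped loosely after per-invocation duration and concurrent-execution datapoints from a cloud monitoring export.

```python
from dataclasses import dataclass
from statistics import median
from typing import Dict, Iterable, List, Optional, Tuple


@dataclass(frozen=True)
class Invocation:
    """One invocation datapoint (constructed; field names are assumptions)."""
    function: str
    duration_ms: float
    concurrent: int   # concurrent executions observed when this invocation ran


# Constructed baseline: normal behaviour for two functions over a quiet window.
BASELINE: List[Invocation] = [
    *(Invocation("thumbnail", d, c)
      for d, c in zip([120, 130, 110, 125, 140], [2, 3, 2, 4, 3])),
    *(Invocation("report", d, c)
      for d, c in zip([800, 850, 780, 820, 900], [1, 1, 2, 1, 1])),
]

# Constructed current window: "thumbnail" now runs close to its timeout and
# its concurrency is pinned at the account limit; "report" is unchanged.
CURRENT: List[Invocation] = [
    *(Invocation("thumbnail", d, c)
      for d, c in zip([2900, 3000, 2950, 3100, 2800], [40, 75, 100, 100, 100])),
    *(Invocation("report", d, c)
      for d, c in zip([810, 840, 790, 830, 880], [1, 2, 1, 1, 1])),
]


def _by_function(invocations: Iterable[Invocation]) -> Dict[str, List[Invocation]]:
    groups: Dict[str, List[Invocation]] = {}
    for inv in invocations:
        groups.setdefault(inv.function, []).append(inv)
    return groups


def profile(invocations: Iterable[Invocation]) -> Dict[str, Tuple[float, int]]:
    """Per function: (median duration in ms, peak concurrency)."""
    return {
        fn: (median(i.duration_ms for i in group), max(i.concurrent for i in group))
        for fn, group in _by_function(invocations).items()
    }


def detect_cryptojacking(
    baseline: Iterable[Invocation],
    current: Iterable[Invocation],
    concurrency_limit: int,
    duration_factor: float = 3.0,
    concurrency_fraction: float = 0.8,
) -> Dict[str, dict]:
    """Flag functions whose median duration grew by duration_factor or more AND
    whose peak concurrency reached concurrency_fraction of the platform limit.
    Both thresholds are tunable assumptions, not values from the report."""
    base = profile(baseline)
    findings: Dict[str, dict] = {}
    for fn, (cur_median, cur_peak) in profile(current).items():
        base_median: Optional[float] = base.get(fn, (None, 0))[0]
        # A function with no baseline cannot be compared on duration; treat the
        # ratio as unbounded so the concurrency signal alone decides.
        duration_ratio = (cur_median / base_median) if base_median else float("inf")
        concurrency_ratio = cur_peak / concurrency_limit
        reasons = []
        if duration_ratio >= duration_factor:
            reasons.append(f"median duration {duration_ratio:.1f}x baseline")
        if concurrency_ratio >= concurrency_fraction:
            reasons.append(f"peak concurrency at {concurrency_ratio:.0%} of limit")
        findings[fn] = {
            "flagged": len(reasons) == 2,
            "duration_ratio": duration_ratio,
            "concurrency_ratio": concurrency_ratio,
            "reasons": reasons,
        }
    return findings


if __name__ == "__main__":
    for fn, result in detect_cryptojacking(BASELINE, CURRENT, concurrency_limit=100).items():
        status = "SUSPECT" if result["flagged"] else "ok"
        print(f"{fn:10} {status:8} {'; '.join(result['reasons'])}")
```

In practice the baseline window would come from the previous week's metrics rather than a hard-coded list, and a flagged function is a cue to inspect its recent deployments and outbound traffic, not proof of compromise. The same metrics also suggest the cheap mitigations: a per-function reserved concurrency ceiling and a tight timeout cap how far one hijacked function can scale and how long each instance can mine.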
The full report is available to download from the PureSec website.